Comment by SahAssar

1 day ago

So you've managed to unlearn the last decade of security learnings in regards to zero-trust and similar concepts?

I'm not running a business, I'm running a home. The threat models are totally different and I adjust my security posture accordingly.

Besides, I don't bother with auth for simple services, not stuff that actually hosts data. If someone unauthorized is inside my network they're not going to be interested in using my TTS/STT service or in finding out the last barcode I scanned or in using my tiny consumer GPU to generate tokens on an LLM—there are way worse things they could be doing at that point than fiddling with the many tiny services I have set up.

Also: I couldn't set up so many silly, inconsequential services if I didn't have a VPN. With my setup, every new idea I have can be a quick service on my network accessible by me anywhere in the world. If I had to expose each of these things to the internet I wouldn't bother running them at all lest they have an exploit that ends up being an entrypoint into my network.

You need to understand your own risk tolerance and, more importantly, effort/resource threshold. Zero-trust is great if you have the resources to put to it, and companies should do it. But individuals trying to manage multiple companies' worth of services, alone, on their own network? There are going to be corners cut.

Self-hosting is entirely different from enterprise security practices. You're a little out of touch with reality if you don't realize this.

I'm being serious - please educate us, how do you think that we can do better in a homelab setting? How do you apply zero-trust principles in a homelab environment with reasonable effort and without relying on third-party services?